Diffstat (limited to 'sys/kern')
33 files changed, 182 insertions, 182 deletions
diff --git a/sys/kern/init_main.c b/sys/kern/init_main.c index ef404b3..ae18f12 100644 --- a/sys/kern/init_main.c +++ b/sys/kern/init_main.c @@ -448,7 +448,7 @@ proc0_init(void *dummy __unused) audit_cred_kproc0(p->p_ucred); #endif #ifdef MAC - mac_create_proc0(p->p_ucred); + mac_proc_create_swapper(p->p_ucred); #endif td->td_ucred = crhold(p->p_ucred); @@ -714,7 +714,7 @@ create_init(const void *udata __unused) oldcred = initproc->p_ucred; crcopy(newcred, oldcred); #ifdef MAC - mac_create_proc1(newcred); + mac_proc_create_init(newcred); #endif #ifdef AUDIT audit_cred_proc1(newcred); diff --git a/sys/kern/kern_acct.c b/sys/kern/kern_acct.c index 17a74c4..13c9b70 100644 --- a/sys/kern/kern_acct.c +++ b/sys/kern/kern_acct.c @@ -218,7 +218,7 @@ acct(struct thread *td, struct acct_args *uap) vfslocked = NDHASGIANT(&nd); NDFREE(&nd, NDF_ONLY_PNBUF); #ifdef MAC - error = mac_check_system_acct(td->td_ucred, nd.ni_vp); + error = mac_system_check_acct(td->td_ucred, nd.ni_vp); if (error) { VOP_UNLOCK(nd.ni_vp, 0, td); vn_close(nd.ni_vp, flags, td->td_ucred, td); @@ -235,7 +235,7 @@ acct(struct thread *td, struct acct_args *uap) VFS_UNLOCK_GIANT(vfslocked); #ifdef MAC } else { - error = mac_check_system_acct(td->td_ucred, NULL); + error = mac_system_check_acct(td->td_ucred, NULL); if (error) return (error); #endif diff --git a/sys/kern/kern_alq.c b/sys/kern/kern_alq.c index a141034..6d132a9 100644 --- a/sys/kern/kern_alq.c +++ b/sys/kern/kern_alq.c @@ -300,7 +300,7 @@ alq_doio(struct alq *alq) * XXX: VOP_WRITE error checks are ignored. */ #ifdef MAC - if (mac_check_vnode_write(alq->aq_cred, NOCRED, vp) == 0) + if (mac_vnode_check_write(alq->aq_cred, NOCRED, vp) == 0) #endif VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, alq->aq_cred); VOP_UNLOCK(vp, 0, td); diff --git a/sys/kern/kern_environment.c b/sys/kern/kern_environment.c index ca20f38..34b1eec 100644 --- a/sys/kern/kern_environment.c +++ b/sys/kern/kern_environment.c 
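Review bot: In alq_doio the result of `mac_vnode_check_write` is used only as the condition of a braceless `if` that `#endif` closes, so `VOP_WRITE` is the guarded statement only because it happens to be the next line; a statement later added between `#endif` and `VOP_WRITE` would take its place and the write would run unchecked. A denial is also silent here: the write is skipped and the check's return value is not kept, which the existing XXX comment does not mention. The same `if (error == 0)` / `#endif` shape guards `setenv` in kenv's KENV_SET case and `VOP_WRITE` in ktr_writerequest. I would extend the comment above the block with `* A MAC denial skips the write silently; the if below governs the statement after #endif.` alq_doio's body starts and ends outside the hunk.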
@@ -95,7 +95,7 @@ kenv(td, uap) error = 0; if (uap->what == KENV_DUMP) { #ifdef MAC - error = mac_check_kenv_dump(td->td_ucred); + error = mac_kenv_check_dump(td->td_ucred); if (error) return (error); #endif @@ -148,7 +148,7 @@ kenv(td, uap) switch (uap->what) { case KENV_GET: #ifdef MAC - error = mac_check_kenv_get(td->td_ucred, name); + error = mac_kenv_check_get(td->td_ucred, name); if (error) goto done; #endif @@ -181,7 +181,7 @@ kenv(td, uap) goto done; } #ifdef MAC - error = mac_check_kenv_set(td->td_ucred, name, value); + error = mac_kenv_check_set(td->td_ucred, name, value); if (error == 0) #endif setenv(name, value); @@ -189,7 +189,7 @@ kenv(td, uap) break; case KENV_UNSET: #ifdef MAC - error = mac_check_kenv_unset(td->td_ucred, name); + error = mac_kenv_check_unset(td->td_ucred, name); if (error) goto done; #endif diff --git a/sys/kern/kern_exec.c b/sys/kern/kern_exec.c index b3884d0..d2798db 100644 --- a/sys/kern/kern_exec.c +++ b/sys/kern/kern_exec.c @@ -439,7 +439,7 @@ interpret: NDFREE(ndp, NDF_ONLY_PNBUF); #ifdef MAC interplabel = mac_vnode_label_alloc(); - mac_copy_vnode_label(ndp->ni_vp->v_label, interplabel); + mac_vnode_copy_label(ndp->ni_vp->v_label, interplabel); #endif vput(ndp->ni_vp); vm_object_deallocate(imgp->object); @@ -550,7 +550,7 @@ interpret: credential_changing |= (attr.va_mode & VSGID) && oldcred->cr_gid != attr.va_gid; #ifdef MAC - will_transition = mac_execve_will_transition(oldcred, imgp->vp, + will_transition = mac_vnode_execve_will_transition(oldcred, imgp->vp, interplabel, imgp); credential_changing |= will_transition; #endif @@ -604,7 +604,7 @@ interpret: change_egid(newcred, attr.va_gid); #ifdef MAC if (will_transition) { - mac_execve_transition(oldcred, newcred, imgp->vp, + mac_vnode_execve_transition(oldcred, newcred, imgp->vp, interplabel, imgp); } #endif 
@@ -1191,7 +1191,7 @@ exec_check_permissions(imgp) return (error); #ifdef MAC - error = mac_check_vnode_exec(td->td_ucred, imgp->vp, imgp); + error = mac_vnode_check_exec(td->td_ucred, imgp->vp, imgp); if (error) return (error); #endif diff --git a/sys/kern/kern_exit.c b/sys/kern/kern_exit.c index 696a101..94b949b 100644 --- a/sys/kern/kern_exit.c +++ b/sys/kern/kern_exit.c @@ -791,7 +791,7 @@ loop: */ vm_waitproc(p); #ifdef MAC - mac_destroy_proc(p); + mac_proc_destroy(p); #endif KASSERT(FIRST_THREAD_IN_PROC(p), ("kern_wait: no residual thread!")); diff --git a/sys/kern/kern_fork.c b/sys/kern/kern_fork.c index 1043d1c..52f68f0 100644 --- a/sys/kern/kern_fork.c +++ b/sys/kern/kern_fork.c @@ -285,7 +285,7 @@ fork1(td, flags, pages, procp) /* Allocate new proc. */ newproc = uma_zalloc(proc_zone, M_WAITOK); #ifdef MAC - mac_init_proc(newproc); + mac_proc_init(newproc); #endif knlist_init(&newproc->p_klist, &newproc->p_mtx, NULL, NULL, NULL); STAILQ_INIT(&newproc->p_ktr); @@ -752,7 +752,7 @@ fail: td->td_ucred->cr_ruid); sx_xunlock(&allproc_lock); #ifdef MAC - mac_destroy_proc(newproc); + mac_proc_destroy(newproc); #endif uma_zfree(proc_zone, newproc); if (p1->p_flag & P_HADTHREADS) { diff --git a/sys/kern/kern_jail.c b/sys/kern/kern_jail.c index 49bc0806..1bcc264 100644 --- a/sys/kern/kern_jail.c +++ b/sys/kern/kern_jail.c @@ -258,7 +258,7 @@ jail_attach(struct thread *td, struct jail_attach_args *uap) if ((error = change_dir(pr->pr_root, td)) != 0) goto e_unlock; #ifdef MAC - if ((error = mac_check_vnode_chroot(td->td_ucred, pr->pr_root))) + if ((error = mac_vnode_check_chroot(td->td_ucred, pr->pr_root))) goto e_unlock; #endif VOP_UNLOCK(pr->pr_root, 0, td); diff --git a/sys/kern/kern_ktrace.c b/sys/kern/kern_ktrace.c index 2b7ee33..4e5a63c 100644 --- a/sys/kern/kern_ktrace.c +++ b/sys/kern/kern_ktrace.c 
@@ -927,7 +927,7 @@ ktr_writerequest(struct thread *td, struct ktr_request *req) vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td); (void)VOP_LEASE(vp, td, cred, LEASE_WRITE); #ifdef MAC - error = mac_check_vnode_write(cred, NOCRED, vp); + error = mac_vnode_check_write(cred, NOCRED, vp); if (error == 0) #endif error = VOP_WRITE(vp, &auio, IO_UNIT | IO_APPEND, cred); diff --git a/sys/kern/kern_linker.c b/sys/kern/kern_linker.c index 324d349..e6080aa 100644 --- a/sys/kern/kern_linker.c +++ b/sys/kern/kern_linker.c @@ -995,7 +995,7 @@ kldfind(struct thread *td, struct kldfind_args *uap) int error; #ifdef MAC - error = mac_check_kld_stat(td->td_ucred); + error = mac_kld_check_stat(td->td_ucred); if (error) return (error); #endif @@ -1026,7 +1026,7 @@ kldnext(struct thread *td, struct kldnext_args *uap) int error = 0; #ifdef MAC - error = mac_check_kld_stat(td->td_ucred); + error = mac_kld_check_stat(td->td_ucred); if (error) return (error); #endif @@ -1076,7 +1076,7 @@ kldstat(struct thread *td, struct kldstat_args *uap) return (EINVAL); #ifdef MAC - error = mac_check_kld_stat(td->td_ucred); + error = mac_kld_check_stat(td->td_ucred); if (error) return (error); #endif @@ -1119,7 +1119,7 @@ kldfirstmod(struct thread *td, struct kldfirstmod_args *uap) int error = 0; #ifdef MAC - error = mac_check_kld_stat(td->td_ucred); + error = mac_kld_check_stat(td->td_ucred); if (error) return (error); #endif @@ -1151,7 +1151,7 @@ kldsym(struct thread *td, struct kldsym_args *uap) int error = 0; #ifdef MAC - error = mac_check_kld_stat(td->td_ucred); + error = mac_kld_check_stat(td->td_ucred); if (error) return (error); #endif @@ -1997,7 +1997,7 @@ sysctl_kern_function_list(SYSCTL_HANDLER_ARGS) int error; #ifdef MAC - error = mac_check_kld_stat(req->td->td_ucred); + error = mac_kld_check_stat(req->td->td_ucred); if (error) return (error); #endif diff --git a/sys/kern/kern_mbuf.c b/sys/kern/kern_mbuf.c index 9015e24..97f4075 100644 --- a/sys/kern/kern_mbuf.c +++ b/sys/kern/kern_mbuf.c 
@@ -323,7 +323,7 @@ mb_ctor_mbuf(void *mem, int size, void *arg, int how) SLIST_INIT(&m->m_pkthdr.tags); #ifdef MAC /* If the label init fails, fail the alloc */ - error = mac_init_mbuf(m, how); + error = mac_mbuf_init(m, how); if (error) return (error); #endif @@ -543,7 +543,7 @@ mb_ctor_pack(void *mem, int size, void *arg, int how) SLIST_INIT(&m->m_pkthdr.tags); #ifdef MAC /* If the label init fails, fail the alloc */ - error = mac_init_mbuf(m, how); + error = mac_mbuf_init(m, how); if (error) return (error); #endif diff --git a/sys/kern/kern_prot.c b/sys/kern/kern_prot.c index 18d3b2a..cd0fb17 100644 --- a/sys/kern/kern_prot.c +++ b/sys/kern/kern_prot.c @@ -482,7 +482,7 @@ setuid(struct thread *td, struct setuid_args *uap) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_setuid(p, oldcred, uid); + error = mac_proc_check_setuid(p, oldcred, uid); if (error) goto fail; #endif @@ -594,7 +594,7 @@ seteuid(struct thread *td, struct seteuid_args *uap) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_seteuid(p, oldcred, euid); + error = mac_proc_check_seteuid(p, oldcred, euid); if (error) goto fail; #endif @@ -647,7 +647,7 @@ setgid(struct thread *td, struct setgid_args *uap) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_setgid(p, oldcred, gid); + error = mac_proc_check_setgid(p, oldcred, gid); if (error) goto fail; #endif @@ -746,7 +746,7 @@ setegid(struct thread *td, struct setegid_args *uap) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_setegid(p, oldcred, egid); + error = mac_proc_check_setegid(p, oldcred, egid); if (error) goto fail; #endif @@ -808,7 +808,7 @@ kern_setgroups(struct thread *td, u_int ngrp, gid_t *groups) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_setgroups(p, oldcred, ngrp, groups); + error = mac_proc_check_setgroups(p, oldcred, ngrp, groups); if (error) goto fail; #endif 
@@ -873,7 +873,7 @@ setreuid(register struct thread *td, struct setreuid_args *uap) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_setreuid(p, oldcred, ruid, euid); + error = mac_proc_check_setreuid(p, oldcred, ruid, euid); if (error) goto fail; #endif @@ -938,7 +938,7 @@ setregid(register struct thread *td, struct setregid_args *uap) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_setregid(p, oldcred, rgid, egid); + error = mac_proc_check_setregid(p, oldcred, rgid, egid); if (error) goto fail; #endif @@ -1009,7 +1009,7 @@ setresuid(register struct thread *td, struct setresuid_args *uap) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_setresuid(p, oldcred, ruid, euid, suid); + error = mac_proc_check_setresuid(p, oldcred, ruid, euid, suid); if (error) goto fail; #endif @@ -1086,7 +1086,7 @@ setresgid(register struct thread *td, struct setresgid_args *uap) oldcred = p->p_ucred; #ifdef MAC - error = mac_check_proc_setresgid(p, oldcred, rgid, egid, sgid); + error = mac_proc_check_setresgid(p, oldcred, rgid, egid, sgid); if (error) goto fail; #endif @@ -1369,7 +1369,7 @@ cr_cansee(struct ucred *u1, struct ucred *u2) if ((error = prison_check(u1, u2))) return (error); #ifdef MAC - if ((error = mac_check_cred_visible(u1, u2))) + if ((error = mac_cred_check_visible(u1, u2))) return (error); #endif if ((error = cr_seeotheruids(u1, u2))) @@ -1430,7 +1430,7 @@ cr_cansignal(struct ucred *cred, struct proc *proc, int signum) if (error) return (error); #ifdef MAC - if ((error = mac_check_proc_signal(cred, proc, signum))) + if ((error = mac_proc_check_signal(cred, proc, signum))) return (error); #endif if ((error = cr_seeotheruids(cred, proc->p_ucred))) 
@@ -1547,7 +1547,7 @@ p_cansched(struct thread *td, struct proc *p) if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); #ifdef MAC - if ((error = mac_check_proc_sched(td->td_ucred, p))) + if ((error = mac_proc_check_sched(td->td_ucred, p))) return (error); #endif if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) @@ -1604,7 +1604,7 @@ p_candebug(struct thread *td, struct proc *p) if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); #ifdef MAC - if ((error = mac_check_proc_debug(td->td_ucred, p))) + if ((error = mac_proc_check_debug(td->td_ucred, p))) return (error); #endif if ((error = cr_seeotheruids(td->td_ucred, p->p_ucred))) @@ -1691,7 +1691,7 @@ cr_canseesocket(struct ucred *cred, struct socket *so) return (ENOENT); #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_visible(cred, so); + error = mac_socket_check_visible(cred, so); SOCK_UNLOCK(so); if (error) return (error); @@ -1723,7 +1723,7 @@ p_canwait(struct thread *td, struct proc *p) if ((error = prison_check(td->td_ucred, p->p_ucred))) return (error); #ifdef MAC - if ((error = mac_check_proc_wait(td->td_ucred, p))) + if ((error = mac_proc_check_wait(td->td_ucred, p))) return (error); #endif #if 0 @@ -1749,7 +1749,7 @@ crget(void) audit_cred_init(cr); #endif #ifdef MAC - mac_init_cred(cr); + mac_cred_init(cr); #endif return (cr); } @@ -1793,7 +1793,7 @@ crfree(struct ucred *cr) audit_cred_destroy(cr); #endif #ifdef MAC - mac_destroy_cred(cr); + mac_cred_destroy(cr); #endif FREE(cr, M_CRED); } @@ -1828,7 +1828,7 @@ crcopy(struct ucred *dest, struct ucred *src) audit_cred_copy(src, dest); #endif #ifdef MAC - mac_copy_cred(src, dest); + mac_cred_copy(src, dest); #endif } diff --git a/sys/kern/kern_shutdown.c b/sys/kern/kern_shutdown.c index bd1aeaf..14a74b7 100644 --- a/sys/kern/kern_shutdown.c +++ b/sys/kern/kern_shutdown.c 
@@ -160,7 +160,7 @@ reboot(struct thread *td, struct reboot_args *uap) error = 0; #ifdef MAC - error = mac_check_system_reboot(td->td_ucred, uap->opt); + error = mac_system_check_reboot(td->td_ucred, uap->opt); #endif if (error == 0) error = priv_check(td, PRIV_REBOOT); diff --git a/sys/kern/kern_sysctl.c b/sys/kern/kern_sysctl.c index dc64f31..2ce6f7e 100644 --- a/sys/kern/kern_sysctl.c +++ b/sys/kern/kern_sysctl.c @@ -1298,7 +1298,7 @@ sysctl_root(SYSCTL_HANDLER_ARGS) arg2 = oid->oid_arg2; } #ifdef MAC - error = mac_check_system_sysctl(req->td->td_ucred, oid, arg1, arg2, + error = mac_system_check_sysctl(req->td->td_ucred, oid, arg1, arg2, req); if (error != 0) return (error); diff --git a/sys/kern/link_elf.c b/sys/kern/link_elf.c index 5e9480c..86e69a2 100644 --- a/sys/kern/link_elf.c +++ b/sys/kern/link_elf.c @@ -572,7 +572,7 @@ link_elf_load_file(linker_class_t cls, const char* filename, vfslocked = NDHASGIANT(&nd); NDFREE(&nd, NDF_ONLY_PNBUF); #ifdef MAC - error = mac_check_kld_load(curthread->td_ucred, nd.ni_vp); + error = mac_kld_check_load(curthread->td_ucred, nd.ni_vp); if (error) { firstpage = NULL; goto out; diff --git a/sys/kern/link_elf_obj.c b/sys/kern/link_elf_obj.c index 6426fc0..1798253 100644 --- a/sys/kern/link_elf_obj.c +++ b/sys/kern/link_elf_obj.c @@ -410,7 +410,7 @@ link_elf_load_file(linker_class_t cls, const char *filename, vfslocked = NDHASGIANT(&nd); NDFREE(&nd, NDF_ONLY_PNBUF); #ifdef MAC - error = mac_check_kld_load(td->td_ucred, nd.ni_vp); + error = mac_kld_check_load(td->td_ucred, nd.ni_vp); if (error) { goto out; } diff --git a/sys/kern/sys_pipe.c b/sys/kern/sys_pipe.c index 6871306..4e3f523 100644 --- a/sys/kern/sys_pipe.c +++ b/sys/kern/sys_pipe.c 
@@ -323,11 +323,11 @@ pipe(td, uap) #ifdef MAC /* * The MAC label is shared between the connected endpoints. As a - * result mac_init_pipe() and mac_create_pipe() are called once + * result mac_pipe_init() and mac_pipe_create() are called once * for the pair, and not on the endpoints. */ - mac_init_pipe(pp); - mac_create_pipe(td->td_ucred, pp); + mac_pipe_init(pp); + mac_pipe_create(td->td_ucred, pp); #endif rpipe = &pp->pp_rpipe; wpipe = &pp->pp_wpipe; @@ -576,7 +576,7 @@ pipe_read(fp, uio, active_cred, flags, td) goto unlocked_error; #ifdef MAC - error = mac_check_pipe_read(active_cred, rpipe->pipe_pair); + error = mac_pipe_check_read(active_cred, rpipe->pipe_pair); if (error) goto locked_error; #endif @@ -986,7 +986,7 @@ pipe_write(fp, uio, active_cred, flags, td) return (EPIPE); } #ifdef MAC - error = mac_check_pipe_write(active_cred, wpipe->pipe_pair); + error = mac_pipe_check_write(active_cred, wpipe->pipe_pair); if (error) { pipeunlock(wpipe); PIPE_UNLOCK(rpipe); @@ -1252,7 +1252,7 @@ pipe_ioctl(fp, cmd, data, active_cred, td) PIPE_LOCK(mpipe); #ifdef MAC - error = mac_check_pipe_ioctl(active_cred, mpipe->pipe_pair, cmd, data); + error = mac_pipe_check_ioctl(active_cred, mpipe->pipe_pair, cmd, data); if (error) { PIPE_UNLOCK(mpipe); return (error); @@ -1326,7 +1326,7 @@ pipe_poll(fp, events, active_cred, td) wpipe = rpipe->pipe_peer; PIPE_LOCK(rpipe); #ifdef MAC - error = mac_check_pipe_poll(active_cred, rpipe->pipe_pair); + error = mac_pipe_check_poll(active_cred, rpipe->pipe_pair); if (error) goto locked_error; #endif @@ -1382,7 +1382,7 @@ pipe_stat(fp, ub, active_cred, td) int error; PIPE_LOCK(pipe); - error = mac_check_pipe_stat(active_cred, pipe->pipe_pair); + error = mac_pipe_check_stat(active_cred, pipe->pipe_pair); PIPE_UNLOCK(pipe); if (error) return (error); 
@@ -1511,7 +1511,7 @@ pipeclose(cpipe) if (ppipe->pipe_present == 0) { PIPE_UNLOCK(cpipe); #ifdef MAC - mac_destroy_pipe(pp); + mac_pipe_destroy(pp); #endif uma_zfree(pipe_zone, cpipe->pipe_pair); } else diff --git a/sys/kern/sys_socket.c b/sys/kern/sys_socket.c index 9229658..7e4547c 100644 --- a/sys/kern/sys_socket.c +++ b/sys/kern/sys_socket.c @@ -77,7 +77,7 @@ soo_read(struct file *fp, struct uio *uio, struct ucred *active_cred, int error; SOCK_LOCK(so); - error = mac_check_socket_receive(active_cred, so); + error = mac_socket_check_receive(active_cred, so); SOCK_UNLOCK(so); if (error) return (error); @@ -95,7 +95,7 @@ soo_write(struct file *fp, struct uio *uio, struct ucred *active_cred, #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_send(active_cred, so); + error = mac_socket_check_send(active_cred, so); SOCK_UNLOCK(so); if (error) return (error); @@ -208,7 +208,7 @@ soo_poll(struct file *fp, int events, struct ucred *active_cred, int error; SOCK_LOCK(so); - error = mac_check_socket_poll(active_cred, so); + error = mac_socket_check_poll(active_cred, so); SOCK_UNLOCK(so); if (error) return (error); @@ -229,7 +229,7 @@ soo_stat(struct file *fp, struct stat *ub, struct ucred *active_cred, ub->st_mode = S_IFSOCK; #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_stat(active_cred, so); + error = mac_socket_check_stat(active_cred, so); SOCK_UNLOCK(so); if (error) return (error); diff --git a/sys/kern/sysv_msg.c b/sys/kern/sysv_msg.c index bd5ca90..fe92186 100644 --- a/sys/kern/sysv_msg.c +++ b/sys/kern/sysv_msg.c @@ -224,7 +224,7 @@ msginit() msghdrs[i-1].msg_next = &msghdrs[i]; msghdrs[i].msg_next = NULL; #ifdef MAC - mac_init_sysv_msgmsg(&msghdrs[i]); + mac_sysvmsg_init(&msghdrs[i]); #endif } free_msghdrs = &msghdrs[0]; 
@@ -237,7 +237,7 @@ msginit() msqids[i].u.msg_perm.seq = 0; /* reset to a known value */ msqids[i].u.msg_perm.mode = 0; #ifdef MAC - mac_init_sysv_msgqueue(&msqids[i]); + mac_sysvmsq_init(&msqids[i]); #endif } mtx_init(&msq_mtx, "msq", NULL, MTX_DEF); @@ -269,9 +269,9 @@ msgunload() #ifdef MAC for (i = 0; i < msginfo.msgtql; i++) - mac_destroy_sysv_msgmsg(&msghdrs[i]); + mac_sysvmsg_destroy(&msghdrs[i]); for (msqid = 0; msqid < msginfo.msgmni; msqid++) - mac_destroy_sysv_msgqueue(&msqids[msqid]); + mac_sysvmsq_destroy(&msqids[msqid]); #endif free(msgpool, M_MSG); free(msgmaps, M_MSG); @@ -369,7 +369,7 @@ msg_freehdr(msghdr) msghdr->msg_next = free_msghdrs; free_msghdrs = msghdr; #ifdef MAC - mac_cleanup_sysv_msgmsg(msghdr); + mac_sysvmsg_cleanup(msghdr); #endif } @@ -435,7 +435,7 @@ kern_msgctl(td, msqid, cmd, msqbuf) goto done2; } #ifdef MAC - error = mac_check_sysv_msqctl(td->td_ucred, msqkptr, cmd); + error = mac_sysvmsq_check_msqctl(td->td_ucred, msqkptr, cmd); if (error != 0) goto done2; #endif @@ -463,7 +463,7 @@ kern_msgctl(td, msqid, cmd, msqbuf) */ for (msghdr = msqkptr->u.msg_first; msghdr != NULL; msghdr = msghdr->msg_next) { - error = mac_check_sysv_msgrmid(td->td_ucred, msghdr); + error = mac_sysvmsq_check_msgrmid(td->td_ucred, msghdr); if (error != 0) goto done2; } @@ -490,7 +490,7 @@ kern_msgctl(td, msqid, cmd, msqbuf) msqkptr->u.msg_qbytes = 0; /* Mark it as free */ #ifdef MAC - mac_cleanup_sysv_msgqueue(msqkptr); + mac_sysvmsq_cleanup(msqkptr); #endif wakeup(msqkptr); @@ -589,7 +589,7 @@ msgget(td, uap) goto done2; } #ifdef MAC - error = mac_check_sysv_msqget(cred, msqkptr); + error = mac_sysvmsq_check_msqget(cred, msqkptr); if (error != 0) goto done2; #endif @@ -636,7 +636,7 @@ msgget(td, uap) msqkptr->u.msg_rtime = 0; msqkptr->u.msg_ctime = time_second; #ifdef MAC - mac_create_sysv_msgqueue(cred, msqkptr); + mac_sysvmsq_create(cred, msqkptr); #endif } else { DPRINTF(("didn't find it and wasn't asked to create it\n")); 
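Review bot: In kern_msgctl's removal loop the renamed hook `mac_sysvmsq_check_msgrmid(td->td_ucred, msghdr)` carries the queue prefix `sysvmsq` although the only object it is given is a message header, while the message lifecycle hooks in this same file use `mac_sysvmsg_*` (`mac_sysvmsg_init`, `mac_sysvmsg_cleanup`, `mac_sysvmsg_create`). The same applies to `mac_sysvmsq_check_msgrcv(td->td_ucred, msghdr)` in kern_msgrcv, and `mac_sysvmsq_check_msgmsq` in kern_msgsnd takes both a message and a queue. If the prefix is meant to name the object being checked, someone auditing per-message access checks will not find them under `mac_sysvmsg_`; either move these under that prefix or mark the call sites, e.g. `/* Per-message check, grouped with the queue hooks. */`. kern_msgctl's body starts and ends outside the hunk.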
@@ -705,7 +705,7 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgflg, mtype) } #ifdef MAC - error = mac_check_sysv_msqsnd(td->td_ucred, msqkptr); + error = mac_sysvmsq_check_msqsnd(td->td_ucred, msqkptr); if (error != 0) goto done2; #endif @@ -830,11 +830,11 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgflg, mtype) msghdr->msg_type = mtype; #ifdef MAC /* - * XXXMAC: Should the mac_check_sysv_msgmsq check follow here + * XXXMAC: Should the mac_sysvmsq_check_msgmsq check follow here * immediately? Or, should it be checked just before the msg is * enqueued in the msgq (as it is done now)? */ - mac_create_sysv_msgmsg(td->td_ucred, msqkptr, msghdr); + mac_sysvmsg_create(td->td_ucred, msqkptr, msghdr); #endif /* @@ -928,14 +928,14 @@ kern_msgsnd(td, msqid, msgp, msgsz, msgflg, mtype) * Note: Since the task/thread allocates the msghdr and usually * primes it with its own MAC label, for a majority of policies, it * won't be necessary to check whether the msghdr has access - * permissions to the msgq. The mac_check_sysv_msqsnd check would + * permissions to the msgq. The mac_sysvmsq_check_msqsnd check would * suffice in that case. However, this hook may be required where * individual policies derive a non-identical label for the msghdr * from the current thread label and may want to check the msghdr * enqueue permissions, along with read/write permissions to the * msgq. */ - error = mac_check_sysv_msgmsq(td->td_ucred, msghdr, msqkptr); + error = mac_sysvmsq_check_msgmsq(td->td_ucred, msghdr, msqkptr); if (error != 0) { msg_freehdr(msghdr); wakeup(msqkptr); @@ -1042,7 +1042,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgtyp, msgflg, mtype) } #ifdef MAC - error = mac_check_sysv_msqrcv(td->td_ucred, msqkptr); + error = mac_sysvmsq_check_msqrcv(td->td_ucred, msqkptr); if (error != 0) goto done2; #endif 
@@ -1061,7 +1061,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgtyp, msgflg, mtype) goto done2; } #ifdef MAC - error = mac_check_sysv_msgrcv(td->td_ucred, + error = mac_sysvmsq_check_msgrcv(td->td_ucred, msghdr); if (error != 0) goto done2; @@ -1106,7 +1106,7 @@ kern_msgrcv(td, msqid, msgp, msgsz, msgtyp, msgflg, mtype) goto done2; } #ifdef MAC - error = mac_check_sysv_msgrcv( + error = mac_sysvmsq_check_msgrcv( td->td_ucred, msghdr); if (error != 0) goto done2; diff --git a/sys/kern/sysv_sem.c b/sys/kern/sysv_sem.c index 48548a2..bea7832 100644 --- a/sys/kern/sysv_sem.c +++ b/sys/kern/sysv_sem.c @@ -245,7 +245,7 @@ seminit(void) sema[i].u.sem_perm.mode = 0; sema[i].u.sem_perm.seq = 0; #ifdef MAC - mac_init_sysv_sem(&sema[i]); + mac_sysvsem_init(&sema[i]); #endif } for (i = 0; i < seminfo.semmni; i++) @@ -271,7 +271,7 @@ semunload(void) EVENTHANDLER_DEREGISTER(process_exit, semexit_tag); #ifdef MAC for (i = 0; i < seminfo.semmni; i++) - mac_destroy_sysv_sem(&sema[i]); + mac_sysvsem_destroy(&sema[i]); #endif free(sem, M_SEM); free(sema, M_SEM); @@ -639,7 +639,7 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd, if ((error = ipcperm(td, &semakptr->u.sem_perm, IPC_R))) goto done2; #ifdef MAC - error = mac_check_sysv_semctl(cred, semakptr, cmd); + error = mac_sysvsem_check_semctl(cred, semakptr, cmd); if (error != 0) goto done2; #endif @@ -657,7 +657,7 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd, sema_mtxp = &sema_mtx[semidx]; mtx_lock(sema_mtxp); #ifdef MAC - error = mac_check_sysv_semctl(cred, semakptr, cmd); + error = mac_sysvsem_check_semctl(cred, semakptr, cmd); if (error != 0) goto done2; #endif @@ -683,7 +683,7 @@ kern_semctl(struct thread *td, int semid, int semnum, int cmd, } semakptr->u.sem_perm.mode = 0; #ifdef MAC - mac_cleanup_sysv_sem(semakptr); + mac_sysvsem_cleanup(semakptr); #endif SEMUNDO_LOCK(); semundo_clear(semidx, -1); 
@@ -906,7 +906,7 @@ semget(td, uap) goto done2; } #ifdef MAC - error = mac_check_sysv_semget(cred, &sema[semid]); + error = mac_sysvsem_check_semget(cred, &sema[semid]); if (error != 0) goto done2; #endif @@ -955,7 +955,7 @@ semget(td, uap) bzero(sema[semid].u.sem_base, sizeof(sema[semid].u.sem_base[0])*nsems); #ifdef MAC - mac_create_sysv_sem(cred, &sema[semid]); + mac_sysvsem_create(cred, &sema[semid]); #endif DPRINTF(("sembase = %p, next = %p\n", sema[semid].u.sem_base, &sem[semtot])); @@ -1063,7 +1063,7 @@ semop(td, uap) goto done2; } #ifdef MAC - error = mac_check_sysv_semop(td->td_ucred, semakptr, j); + error = mac_sysvsem_check_semop(td->td_ucred, semakptr, j); if (error != 0) goto done2; #endif diff --git a/sys/kern/sysv_shm.c b/sys/kern/sysv_shm.c index 574c3de..57b6c5e 100644 --- a/sys/kern/sysv_shm.c +++ b/sys/kern/sysv_shm.c @@ -255,7 +255,7 @@ shm_deallocate_segment(shmseg) shm_nused--; shmseg->u.shm_perm.mode = SHMSEG_FREE; #ifdef MAC - mac_cleanup_sysv_shm(shmseg); + mac_sysvshm_cleanup(shmseg); #endif } @@ -322,7 +322,7 @@ shmdt(td, uap) } #ifdef MAC shmsegptr = &shmsegs[IPCID_TO_IX(shmmap_s->shmid)]; - error = mac_check_sysv_shmdt(td->td_ucred, shmsegptr); + error = mac_sysvshm_check_shmdt(td->td_ucred, shmsegptr); if (error != 0) goto done2; #endif @@ -377,7 +377,7 @@ kern_shmat(td, shmid, shmaddr, shmflg) if (error) goto done2; #ifdef MAC - error = mac_check_sysv_shmat(td->td_ucred, shmseg, shmflg); + error = mac_sysvshm_check_shmat(td->td_ucred, shmseg, shmflg); if (error != 0) goto done2; #endif @@ -492,7 +492,7 @@ oshmctl(td, uap) if (error) goto done2; #ifdef MAC - error = mac_check_sysv_shmctl(td->td_ucred, shmseg, uap->cmd); + error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, uap->cmd); if (error != 0) goto done2; #endif 
@@ -575,7 +575,7 @@ kern_shmctl(td, shmid, cmd, buf, bufsz) goto done2; } #ifdef MAC - error = mac_check_sysv_shmctl(td->td_ucred, shmseg, cmd); + error = mac_sysvshm_check_shmctl(td->td_ucred, shmseg, cmd); if (error != 0) goto done2; #endif @@ -701,7 +701,7 @@ shmget_existing(td, uap, mode, segnum) if ((uap->shmflg & (IPC_CREAT | IPC_EXCL)) == (IPC_CREAT | IPC_EXCL)) return (EEXIST); #ifdef MAC - error = mac_check_sysv_shmget(td->td_ucred, shmseg, uap->shmflg); + error = mac_sysvshm_check_shmget(td->td_ucred, shmseg, uap->shmflg); if (error != 0) return (error); #endif @@ -779,7 +779,7 @@ shmget_allocate_segment(td, uap, mode) shmseg->u.shm_lpid = shmseg->u.shm_nattch = 0; shmseg->u.shm_atime = shmseg->u.shm_dtime = 0; #ifdef MAC - mac_create_sysv_shm(cred, shmseg); + mac_sysvshm_create(cred, shmseg); #endif shmseg->u.shm_ctime = time_second; shm_committed += btoc(size); @@ -911,7 +911,7 @@ shmrealloc(void) shmsegs[i].u.shm_perm.mode = SHMSEG_FREE; shmsegs[i].u.shm_perm.seq = 0; #ifdef MAC - mac_init_sysv_shm(&shmsegs[i]); + mac_sysvshm_init(&shmsegs[i]); #endif } free(shmsegs, M_SHM); @@ -943,7 +943,7 @@ shminit() shmsegs[i].u.shm_perm.mode = SHMSEG_FREE; shmsegs[i].u.shm_perm.seq = 0; #ifdef MAC - mac_init_sysv_shm(&shmsegs[i]); + mac_sysvshm_init(&shmsegs[i]); #endif } shm_last_free = 0; @@ -965,7 +965,7 @@ shmunload() #ifdef MAC for (i = 0; i < shmalloced; i++) - mac_destroy_sysv_shm(&shmsegs[i]); + mac_sysvshm_destroy(&shmsegs[i]); #endif free(shmsegs, M_SHM); shmexit_hook = NULL; diff --git a/sys/kern/uipc_mbuf2.c b/sys/kern/uipc_mbuf2.c index c8363f8..6fe83b0 100644 --- a/sys/kern/uipc_mbuf2.c +++ b/sys/kern/uipc_mbuf2.c @@ -309,7 +309,7 @@ m_tag_free_default(struct m_tag *t) { #ifdef MAC if (t->m_tag_id == PACKET_TAG_MACLABEL) - mac_destroy_mbuf_tag(t); + mac_mbuf_tag_destroy(t); #endif free(t, M_PACKET_TAGS); } 
@@ -413,11 +413,11 @@ m_tag_copy(struct m_tag *t, int how) * special from the mbuf code? */ if (t->m_tag_id == PACKET_TAG_MACLABEL) { - if (mac_init_mbuf_tag(p, how) != 0) { + if (mac_mbuf_tag_init(p, how) != 0) { m_tag_free(p); return (NULL); } - mac_copy_mbuf_tag(t, p); + mac_mbuf_tag_copy(t, p); } else #endif bcopy(t + 1, p + 1, t->m_tag_len); /* Copy the data */ diff --git a/sys/kern/uipc_sem.c b/sys/kern/uipc_sem.c index c9903aa..588d6bf 100644 --- a/sys/kern/uipc_sem.c +++ b/sys/kern/uipc_sem.c @@ -215,8 +215,8 @@ sem_create(struct thread *td, const char *name, struct ksem **ksret, cv_init(&ret->ks_cv, "sem"); LIST_INIT(&ret->ks_users); #ifdef MAC - mac_init_posix_sem(ret); - mac_create_posix_sem(uc, ret); + mac_posixsem_init(ret); + mac_posixsem_create(uc, ret); #endif if (name != NULL) sem_enter(td->td_proc, ret); @@ -381,7 +381,7 @@ kern_sem_open(struct thread *td, int dir, const char *name, int oflag, } } else { #ifdef MAC - error = mac_check_posix_sem_open(td->td_ucred, ks); + error = mac_posixsem_check_open(td->td_ucred, ks); if (error) goto err_open; #endif @@ -540,7 +540,7 @@ kern_sem_unlink(struct thread *td, const char *name) ks = sem_lookup_byname(name); if (ks != NULL) { #ifdef MAC - error = mac_check_posix_sem_unlink(td->td_ucred, ks); + error = mac_posixsem_check_unlink(td->td_ucred, ks); if (error) { mtx_unlock(&sem_lock); return (error); @@ -614,7 +614,7 @@ kern_sem_post(struct thread *td, semid_t id) goto err; } #ifdef MAC - error = mac_check_posix_sem_post(td->td_ucred, ks); + error = mac_posixsem_check_post(td->td_ucred, ks); if (error) goto err; #endif @@ -709,7 +709,7 @@ kern_sem_wait(struct thread *td, semid_t id, int tryflag, goto err; } #ifdef MAC - error = mac_check_posix_sem_wait(td->td_ucred, ks); + error = mac_posixsem_check_wait(td->td_ucred, ks); if (error) { DP(("kern_sem_wait mac failed\n")); goto err; 
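Review bot: On the `mac_mbuf_tag_init` failure path in m_tag_copy, `m_tag_free(p)` is called on a tag whose label was never successfully initialised. The m_tag_free_default hunk earlier in this file shows that a tag with `m_tag_id == PACKET_TAG_MACLABEL` is passed to `mac_mbuf_tag_destroy` before `free`, so if `p` carries that id and `m_tag_free` reaches that function (both are set up outside the hunk), destroy runs on a label whose init failed. That is only safe if a failed init leaves the label in a state destroy tolerates; I would state that at the call with `/* mac_mbuf_tag_init() must leave p safe for mac_mbuf_tag_destroy() on failure. */`, or release `p` without the MAC destroy on this path. m_tag_copy's body starts and ends outside the hunk.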
@@ -772,7 +772,7 @@ ksem_getvalue(struct thread *td, struct ksem_getvalue_args *uap) return (EINVAL); } #ifdef MAC - error = mac_check_posix_sem_getvalue(td->td_ucred, ks); + error = mac_posixsem_check_getvalue(td->td_ucred, ks); if (error) { mtx_unlock(&sem_lock); return (error); @@ -804,7 +804,7 @@ ksem_destroy(struct thread *td, struct ksem_destroy_args *uap) goto err; } #ifdef MAC - error = mac_check_posix_sem_destroy(td->td_ucred, ks); + error = mac_posixsem_check_destroy(td->td_ucred, ks); if (error) goto err; #endif diff --git a/sys/kern/uipc_socket.c b/sys/kern/uipc_socket.c index e2cf09b..d89b435 100644 --- a/sys/kern/uipc_socket.c +++ b/sys/kern/uipc_socket.c @@ -267,7 +267,7 @@ soalloc(void) if (so == NULL) return (NULL); #ifdef MAC - if (mac_init_socket(so, M_NOWAIT) != 0) { + if (mac_socket_init(so, M_NOWAIT) != 0) { uma_zfree(socket_zone, so); return (NULL); } @@ -312,7 +312,7 @@ sodealloc(struct socket *so) do_setopt_accept_filter(so, NULL); #endif #ifdef MAC - mac_destroy_socket(so); + mac_socket_destroy(so); #endif crfree(so->so_cred); sx_destroy(&so->so_snd.sb_sx); @@ -362,7 +362,7 @@ socreate(int dom, struct socket **aso, int type, int proto, so->so_cred = crhold(cred); so->so_proto = prp; #ifdef MAC - mac_create_socket(cred, so); + mac_socket_create(cred, so); #endif knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv), NULL, NULL, NULL); @@ -429,7 +429,7 @@ sonewconn(struct socket *head, int connstatus) so->so_cred = crhold(head->so_cred); #ifdef MAC SOCK_LOCK(head); - mac_create_socket_from_socket(head, so); + mac_socket_newconn(head, so); SOCK_UNLOCK(head); #endif knlist_init(&so->so_rcv.sb_sel.si_note, SOCKBUF_MTX(&so->so_rcv), diff --git a/sys/kern/uipc_syscalls.c b/sys/kern/uipc_syscalls.c index 2821a5e..faf7f24 100644 --- a/sys/kern/uipc_syscalls.c +++ b/sys/kern/uipc_syscalls.c 
@@ -165,7 +165,7 @@ socket(td, uap) int fd, error; #ifdef MAC - error = mac_check_socket_create(td->td_ucred, uap->domain, uap->type, + error = mac_socket_check_create(td->td_ucred, uap->domain, uap->type, uap->protocol); if (error) return (error); @@ -229,7 +229,7 @@ kern_bind(td, fd, sa) so = fp->f_data; #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_bind(td->td_ucred, so, sa); + error = mac_socket_check_bind(td->td_ucred, so, sa); SOCK_UNLOCK(so); if (error) goto done; @@ -260,7 +260,7 @@ listen(td, uap) so = fp->f_data; #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_listen(td->td_ucred, so); + error = mac_socket_check_listen(td->td_ucred, so); SOCK_UNLOCK(so); if (error) goto done; @@ -360,7 +360,7 @@ kern_accept(struct thread *td, int s, struct sockaddr **name, } #ifdef MAC SOCK_LOCK(head); - error = mac_check_socket_accept(td->td_ucred, head); + error = mac_socket_check_accept(td->td_ucred, head); SOCK_UNLOCK(head); if (error != 0) goto done; @@ -550,7 +550,7 @@ kern_connect(td, fd, sa) } #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_connect(td->td_ucred, so, sa); + error = mac_socket_check_connect(td->td_ucred, so, sa); SOCK_UNLOCK(so); if (error) goto bad; @@ -604,7 +604,7 @@ socketpair(td, uap) #ifdef MAC /* We might want to have a separate check for socket pairs. */ - error = mac_check_socket_create(td->td_ucred, uap->domain, uap->type, + error = mac_socket_check_create(td->td_ucred, uap->domain, uap->type, uap->protocol); if (error) return (error); @@ -761,7 +761,7 @@ kern_sendit(td, s, mp, flags, control, segflg) #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_send(td->td_ucred, so); + error = mac_socket_check_send(td->td_ucred, so); SOCK_UNLOCK(so); if (error) goto bad; @@ -956,7 +956,7 @@ kern_recvit(td, s, mp, fromseg, controlp) #ifdef MAC SOCK_LOCK(so); - error = mac_check_socket_receive(td->td_ucred, so); + error = mac_socket_check_receive(td->td_ucred, so); SOCK_UNLOCK(so); if (error) { fdrop(fp, td); 
@@ -1849,7 +1849,7 @@ kern_sendfile(struct thread *td, struct sendfile_args *uap,
 #ifdef MAC
 SOCK_LOCK(so);
- error = mac_check_socket_send(td->td_ucred, so);
+ error = mac_socket_check_send(td->td_ucred, so);
 SOCK_UNLOCK(so);
 if (error)
 goto out;
@@ -2354,7 +2354,7 @@ sctp_generic_sendmsg (td, uap)
 so = (struct socket *)fp->f_data;
 #ifdef MAC
 SOCK_LOCK(so);
- error = mac_check_socket_send(td->td_ucred, so);
+ error = mac_socket_check_send(td->td_ucred, so);
 SOCK_UNLOCK(so);
 if (error)
 goto sctp_bad;
@@ -2454,7 +2454,7 @@ sctp_generic_sendmsg_iov(td, uap)
 so = (struct socket *)fp->f_data;
 #ifdef MAC
 SOCK_LOCK(so);
- error = mac_check_socket_send(td->td_ucred, so);
+ error = mac_socket_check_send(td->td_ucred, so);
 SOCK_UNLOCK(so);
 if (error)
 goto sctp_bad;
@@ -2551,7 +2551,7 @@ sctp_generic_recvmsg(td, uap)
 so = fp->f_data;
 #ifdef MAC
 SOCK_LOCK(so);
- error = mac_check_socket_receive(td->td_ucred, so);
+ error = mac_socket_check_receive(td->td_ucred, so);
 SOCK_UNLOCK(so);
 if (error) {
 goto out;
diff --git a/sys/kern/uipc_usrreq.c b/sys/kern/uipc_usrreq.c
index 682496e..9fea71b4 100644
--- a/sys/kern/uipc_usrreq.c
+++ b/sys/kern/uipc_usrreq.c
@@ -449,7 +449,7 @@ restart:
 vattr.va_type = VSOCK;
 vattr.va_mode = (ACCESSPERMS & ~td->td_proc->p_fd->fd_cmask);
 #ifdef MAC
- error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
+ error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 &vattr);
 #endif
 if (error == 0) {
@@ -1159,7 +1159,7 @@ unp_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
 goto bad;
 }
 #ifdef MAC
- error = mac_check_vnode_open(td->td_ucred, vp, VWRITE | VREAD);
+ error = mac_vnode_check_open(td->td_ucred, vp, VWRITE | VREAD);
 if (error)
 goto bad;
 #endif
@@ -1236,8 +1236,8 @@ unp_connect(struct socket *so, struct sockaddr *nam, struct thread *td)
 UNP_PCB_UNLOCK(unp);
 #ifdef MAC
 SOCK_LOCK(so);
- mac_set_socket_peer_from_socket(so, so3);
- mac_set_socket_peer_from_socket(so3, so);
+ mac_socketpeer_set_from_socket(so, so3);
+ mac_socketpeer_set_from_socket(so3, so);
 SOCK_UNLOCK(so);
 #endif
diff --git a/sys/kern/vfs_acl.c b/sys/kern/vfs_acl.c
index c2456be..ea33f66 100644
--- a/sys/kern/vfs_acl.c
+++ b/sys/kern/vfs_acl.c
@@ -93,7 +93,7 @@ vacl_set_acl(struct thread *td, struct vnode *vp, acl_type_t type,
 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
- error = mac_check_vnode_setacl(td->td_ucred, vp, type, &inkernacl);
+ error = mac_vnode_check_setacl(td->td_ucred, vp, type, &inkernacl);
 if (error != 0)
 goto out;
 #endif
@@ -119,7 +119,7 @@ vacl_get_acl(struct thread *td, struct vnode *vp, acl_type_t type,
 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
- error = mac_check_vnode_getacl(td->td_ucred, vp, type);
+ error = mac_vnode_check_getacl(td->td_ucred, vp, type);
 if (error != 0)
 goto out;
 #endif
@@ -148,7 +148,7 @@ vacl_delete(struct thread *td, struct vnode *vp, acl_type_t type)
 VOP_LEASE(vp, td, td->td_ucred, LEASE_WRITE);
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
- error = mac_check_vnode_deleteacl(td->td_ucred, vp, type);
+ error = mac_vnode_check_deleteacl(td->td_ucred, vp, type);
 if (error)
 goto out;
 #endif
diff --git a/sys/kern/vfs_extattr.c b/sys/kern/vfs_extattr.c
index 48bfd66..0d414f8 100644
--- a/sys/kern/vfs_extattr.c
+++ b/sys/kern/vfs_extattr.c
@@ -180,7 +180,7 @@ extattr_set_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 cnt = nbytes;
 #ifdef MAC
- error = mac_check_vnode_setextattr(td->td_ucred, vp, attrnamespace,
+ error = mac_vnode_check_setextattr(td->td_ucred, vp, attrnamespace,
 attrname, &auio);
 if (error)
 goto done;
@@ -358,7 +358,7 @@ extattr_get_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 sizep = &size;
 #ifdef MAC
- error = mac_check_vnode_getextattr(td->td_ucred, vp, attrnamespace,
+ error = mac_vnode_check_getextattr(td->td_ucred, vp, attrnamespace,
 attrname, &auio);
 if (error)
 goto done;
@@ -512,7 +512,7 @@ extattr_delete_vp(struct vnode *vp, int attrnamespace, const char *attrname,
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
- error = mac_check_vnode_deleteextattr(td->td_ucred, vp, attrnamespace,
+ error = mac_vnode_check_deleteextattr(td->td_ucred, vp, attrnamespace,
 attrname);
 if (error)
 goto done;
@@ -676,7 +676,7 @@ extattr_list_vp(struct vnode *vp, int attrnamespace, void *data,
 sizep = &size;
 #ifdef MAC
- error = mac_check_vnode_listextattr(td->td_ucred, vp, attrnamespace);
+ error = mac_vnode_check_listextattr(td->td_ucred, vp, attrnamespace);
 if (error)
 goto done;
 #endif
diff --git a/sys/kern/vfs_lookup.c b/sys/kern/vfs_lookup.c
index 6349c36..0841fd3 100644
--- a/sys/kern/vfs_lookup.c
+++ b/sys/kern/vfs_lookup.c
@@ -252,7 +252,7 @@ namei(struct nameidata *ndp)
 }
 #ifdef MAC
 if ((cnp->cn_flags & NOMACCHECK) == 0) {
- error = mac_check_vnode_readlink(td->td_ucred,
+ error = mac_vnode_check_readlink(td->td_ucred,
 ndp->ni_vp);
 if (error)
 break;
@@ -556,7 +556,7 @@ dirloop:
 unionlookup:
 #ifdef MAC
 if ((cnp->cn_flags & NOMACCHECK) == 0) {
- error = mac_check_vnode_lookup(td->td_ucred, dp, cnp);
+ error = mac_vnode_check_lookup(td->td_ucred, dp, cnp);
 if (error)
 goto bad;
 }
diff --git a/sys/kern/vfs_mount.c b/sys/kern/vfs_mount.c
index a109a3b..e8fbd50 100644
--- a/sys/kern/vfs_mount.c
+++ b/sys/kern/vfs_mount.c
@@ -488,8 +488,8 @@ vfs_mount_alloc(struct vnode *vp, struct vfsconf *vfsp,
 strlcpy(mp->mnt_stat.f_mntonname, fspath, MNAMELEN);
 mp->mnt_iosize_max = DFLTPHYS;
 #ifdef MAC
- mac_init_mount(mp);
- mac_create_mount(td->td_ucred, mp);
+ mac_mount_init(mp);
+ mac_mount_create(td->td_ucred, mp);
 #endif
 arc4rand(&mp->mnt_hashseed, sizeof mp->mnt_hashseed, 0);
 return (mp);
@@ -567,7 +567,7 @@ vfs_mount_destroy(struct mount *mp)
 mp->mnt_secondary_writes = -1000;
 MNT_IUNLOCK(mp);
 #ifdef MAC
- mac_destroy_mount(mp);
+ mac_mount_destroy(mp);
 #endif
 if (mp->mnt_opt != NULL)
 vfs_freeopts(mp->mnt_opt);
diff --git a/sys/kern/vfs_subr.c b/sys/kern/vfs_subr.c
index fce5beb..8dca49b 100644
--- a/sys/kern/vfs_subr.c
+++ b/sys/kern/vfs_subr.c
@@ -811,7 +811,7 @@ vdestroy(struct vnode *vp)
 VNASSERT(LIST_EMPTY(&vp->v_cache_src), vp, ("vp has namecache src"));
 VI_UNLOCK(vp);
 #ifdef MAC
- mac_destroy_vnode(vp);
+ mac_vnode_destroy(vp);
 #endif
 if (vp->v_pollinfo != NULL) {
 knlist_destroy(&vp->v_pollinfo->vpi_selinfo.si_note);
@@ -955,9 +955,9 @@ alloc:
 v_incr_usecount(vp);
 vp->v_data = 0;
 #ifdef MAC
- mac_init_vnode(vp);
+ mac_vnode_init(vp);
 if (mp != NULL && (mp->mnt_flag & MNT_MULTILABEL) == 0)
- mac_associate_vnode_singlelabel(mp, vp);
+ mac_vnode_associate_singlelabel(mp, vp);
 else if (mp == NULL)
 printf("NULL mp in getnewvnode()\n");
 #endif
diff --git a/sys/kern/vfs_syscalls.c b/sys/kern/vfs_syscalls.c
index 07a8de1..20d722e 100644
--- a/sys/kern/vfs_syscalls.c
+++ b/sys/kern/vfs_syscalls.c
@@ -293,7 +293,7 @@ kern_statfs(struct thread *td, char *path, enum uio_seg pathseg,
 NDFREE(&nd, NDF_ONLY_PNBUF);
 vput(nd.ni_vp);
 #ifdef MAC
- error = mac_check_mount_stat(td->td_ucred, mp);
+ error = mac_mount_check_stat(td->td_ucred, mp);
 if (error)
 goto out;
 #endif
@@ -378,7 +378,7 @@ kern_fstatfs(struct thread *td, int fd, struct statfs *buf)
 goto out;
 }
 #ifdef MAC
- error = mac_check_mount_stat(td->td_ucred, mp);
+ error = mac_mount_check_stat(td->td_ucred, mp);
 if (error)
 goto out;
 #endif
@@ -470,7 +470,7 @@ kern_getfsstat(struct thread *td, struct statfs **buf, size_t bufsize,
 continue;
 }
 #ifdef MAC
- if (mac_check_mount_stat(td->td_ucred, mp) != 0) {
+ if (mac_mount_check_stat(td->td_ucred, mp) != 0) {
 nmp = TAILQ_NEXT(mp, mnt_list);
 continue;
 }
@@ -891,7 +891,7 @@ chroot(td, uap)
 if ((error = change_dir(nd.ni_vp, td)) != 0)
 goto e_vunlock;
 #ifdef MAC
- if ((error = mac_check_vnode_chroot(td->td_ucred, nd.ni_vp)))
+ if ((error = mac_vnode_check_chroot(td->td_ucred, nd.ni_vp)))
 goto e_vunlock;
 #endif
 VOP_UNLOCK(nd.ni_vp, 0, td);
@@ -923,7 +923,7 @@ change_dir(vp, td)
 if (vp->v_type != VDIR)
 return (ENOTDIR);
 #ifdef MAC
- error = mac_check_vnode_chdir(td->td_ucred, vp);
+ error = mac_vnode_check_chdir(td->td_ucred, vp);
 if (error)
 return (error);
 #endif
@@ -933,8 +933,8 @@ change_dir(vp, td)
 /*
 * Common routine for kern_chroot() and jail_attach(). The caller is
- * responsible for invoking priv_check() and mac_check_chroot() to authorize
- * this operation.
+ * responsible for invoking priv_check() and mac_vnode_check_chroot() to
+ * authorize this operation.
 */
 int
 change_root(vp, td)
@@ -1103,7 +1103,7 @@ kern_open(struct thread *td, char *path, enum uio_seg pathseg, int flags,
 vat.va_size = 0;
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 #ifdef MAC
- error = mac_check_vnode_write(td->td_ucred, fp->f_cred, vp);
+ error = mac_vnode_check_write(td->td_ucred, fp->f_cred, vp);
 if (error == 0)
 #endif
 error = VOP_SETATTR(vp, &vat, td->td_ucred, td);
@@ -1258,7 +1258,7 @@ restart:
 }
 #ifdef MAC
 if (error == 0 && !whiteout)
- error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp,
+ error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp,
 &nd.ni_cnd, &vattr);
 #endif
 if (!error) {
@@ -1341,7 +1341,7 @@ restart:
 vattr.va_mode = (mode & ALLPERMS) & ~td->td_proc->p_fd->fd_cmask;
 FILEDESC_SUNLOCK(td->td_proc->p_fd);
 #ifdef MAC
- error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
+ error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 &vattr);
 if (error)
 goto out;
@@ -1467,7 +1467,7 @@ kern_link(struct thread *td, char *path, char *link, enum uio_seg segflg)
 error = can_hardlink(vp, td, td->td_ucred);
 if (error == 0)
 #ifdef MAC
- error = mac_check_vnode_link(td->td_ucred,
+ error = mac_vnode_check_link(td->td_ucred,
 nd.ni_dvp, vp, &nd.ni_cnd);
 if (error == 0)
 #endif
@@ -1555,7 +1555,7 @@ restart:
 FILEDESC_SUNLOCK(td->td_proc->p_fd);
 #ifdef MAC
 vattr.va_type = VLNK;
- error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
+ error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 &vattr);
 if (error)
 goto out2;
@@ -1693,7 +1693,7 @@ restart:
 goto restart;
 }
 #ifdef MAC
- error = mac_check_vnode_unlink(td->td_ucred, nd.ni_dvp, vp,
+ error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
 &nd.ni_cnd);
 if (error)
 goto out;
@@ -1872,7 +1872,7 @@ vn_access(vp, user_flags, cred, td)
 if (user_flags & X_OK)
 flags |= VEXEC;
 #ifdef MAC
- error = mac_check_vnode_access(cred, vp, flags);
+ error = mac_vnode_check_access(cred, vp, flags);
 if (error)
 return (error);
 #endif
@@ -2341,7 +2341,7 @@ kern_readlink(struct thread *td, char *path, enum uio_seg pathseg, char *buf,
 vfslocked = NDHASGIANT(&nd);
 vp = nd.ni_vp;
 #ifdef MAC
- error = mac_check_vnode_readlink(td->td_ucred, vp);
+ error = mac_vnode_check_readlink(td->td_ucred, vp);
 if (error) {
 vput(vp);
 VFS_UNLOCK_GIANT(vfslocked);
@@ -2400,7 +2400,7 @@ setfflags(td, vp, flags)
 VATTR_NULL(&vattr);
 vattr.va_flags = flags;
 #ifdef MAC
- error = mac_check_vnode_setflags(td->td_ucred, vp, vattr.va_flags);
+ error = mac_vnode_check_setflags(td->td_ucred, vp, vattr.va_flags);
 if (error == 0)
 #endif
 error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
@@ -2528,7 +2528,7 @@ setfmode(td, vp, mode)
 VATTR_NULL(&vattr);
 vattr.va_mode = mode & ALLPERMS;
 #ifdef MAC
- error = mac_check_vnode_setmode(td->td_ucred, vp, vattr.va_mode);
+ error = mac_vnode_check_setmode(td->td_ucred, vp, vattr.va_mode);
 if (error == 0)
 #endif
 error = VOP_SETATTR(vp, &vattr, td->td_ucred, td);
@@ -2670,7 +2670,7 @@ setfown(td, vp, uid, gid)
 vattr.va_uid = uid;
 vattr.va_gid = gid;
 #ifdef MAC
- error = mac_check_vnode_setowner(td->td_ucred, vp, vattr.va_uid,
+ error = mac_vnode_check_setowner(td->td_ucred, vp, vattr.va_uid,
 vattr.va_gid);
 if (error == 0)
 #endif
@@ -2873,7 +2873,7 @@ setutimes(td, vp, ts, numtimes, nullflag)
 if (nullflag)
 vattr.va_vaflags |= VA_UTIMES_NULL;
 #ifdef MAC
- error = mac_check_vnode_setutimes(td->td_ucred, vp, vattr.va_atime,
+ error = mac_vnode_check_setutimes(td->td_ucred, vp, vattr.va_atime,
 vattr.va_mtime);
 #endif
 if (error == 0)
@@ -3069,7 +3069,7 @@ kern_truncate(struct thread *td, char *path, enum uio_seg pathseg, off_t length)
 if (vp->v_type == VDIR)
 error = EISDIR;
 #ifdef MAC
- else if ((error = mac_check_vnode_write(td->td_ucred, NOCRED, vp))) {
+ else if ((error = mac_vnode_check_write(td->td_ucred, NOCRED, vp))) {
 }
 #endif
 else if ((error = vn_writechk(vp)) == 0 &&
@@ -3129,7 +3129,7 @@ ftruncate(td, uap)
 if (vp->v_type == VDIR)
 error = EISDIR;
 #ifdef MAC
- else if ((error = mac_check_vnode_write(td->td_ucred, fp->f_cred,
+ else if ((error = mac_vnode_check_write(td->td_ucred, fp->f_cred,
 vp))) {
 }
 #endif
@@ -3315,7 +3315,7 @@ kern_rename(struct thread *td, char *from, char *to, enum uio_seg pathseg)
 fvfslocked = NDHASGIANT(&fromnd);
 tvfslocked = 0;
 #ifdef MAC
- error = mac_check_vnode_rename_from(td->td_ucred, fromnd.ni_dvp,
+ error = mac_vnode_check_rename_from(td->td_ucred, fromnd.ni_dvp,
 fromnd.ni_vp, &fromnd.ni_cnd);
 VOP_UNLOCK(fromnd.ni_dvp, 0, td);
 if (fromnd.ni_dvp != fromnd.ni_vp)
@@ -3366,7 +3366,7 @@ kern_rename(struct thread *td, char *from, char *to, enum uio_seg pathseg)
 error = -1;
 #ifdef MAC
 else
- error = mac_check_vnode_rename_to(td->td_ucred, tdvp,
+ error = mac_vnode_check_rename_to(td->td_ucred, tdvp,
 tond.ni_vp, fromnd.ni_dvp == tdvp, &tond.ni_cnd);
 #endif
 out:
@@ -3476,7 +3476,7 @@ restart:
 vattr.va_mode = (mode & ACCESSPERMS) &~ td->td_proc->p_fd->fd_cmask;
 FILEDESC_SUNLOCK(td->td_proc->p_fd);
 #ifdef MAC
- error = mac_check_vnode_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
+ error = mac_vnode_check_create(td->td_ucred, nd.ni_dvp, &nd.ni_cnd,
 &vattr);
 if (error)
 goto out;
@@ -3550,7 +3550,7 @@ restart:
 goto out;
 }
 #ifdef MAC
- error = mac_check_vnode_unlink(td->td_ucred, nd.ni_dvp, vp,
+ error = mac_vnode_check_unlink(td->td_ucred, nd.ni_dvp, vp,
 &nd.ni_cnd);
 if (error)
 goto out;
@@ -3641,7 +3641,7 @@ unionread:
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
 loff = auio.uio_offset = fp->f_offset;
 #ifdef MAC
- error = mac_check_vnode_readdir(td->td_ucred, vp);
+ error = mac_vnode_check_readdir(td->td_ucred, vp);
 if (error) {
 VOP_UNLOCK(vp, 0, td);
 VFS_UNLOCK_GIANT(vfslocked);
@@ -3785,7 +3785,7 @@ unionread:
 AUDIT_ARG(vnode, vp, ARG_VNODE1);
 loff = auio.uio_offset = fp->f_offset;
 #ifdef MAC
- error = mac_check_vnode_readdir(td->td_ucred, vp);
+ error = mac_vnode_check_readdir(td->td_ucred, vp);
 if (error == 0)
 #endif
 error = VOP_READDIR(vp, &auio, fp->f_cred, &eofflag, NULL,
@@ -3903,7 +3903,7 @@ revoke(td, uap)
 goto out;
 }
 #ifdef MAC
- error = mac_check_vnode_revoke(td->td_ucred, vp);
+ error = mac_vnode_check_revoke(td->td_ucred, vp);
 if (error)
 goto out;
 #endif
@@ -4126,7 +4126,7 @@ fhopen(td, uap)
 if (fmode & O_APPEND)
 mode |= VAPPEND;
 #ifdef MAC
- error = mac_check_vnode_open(td->td_ucred, vp, mode);
+ error = mac_vnode_check_open(td->td_ucred, vp, mode);
 if (error)
 goto bad;
 #endif
@@ -4148,7 +4148,7 @@ fhopen(td, uap)
 * We don't yet have fp->f_cred, so use td->td_ucred, which
 * should be right.
 */
- error = mac_check_vnode_write(td->td_ucred, td->td_ucred, vp);
+ error = mac_vnode_check_write(td->td_ucred, td->td_ucred, vp);
 if (error == 0) {
 #endif
 VATTR_NULL(vap);
@@ -4337,7 +4337,7 @@ kern_fhstatfs(struct thread *td, fhandle_t fh, struct statfs *buf)
 if (error)
 goto out;
 #ifdef MAC
- error = mac_check_mount_stat(td->td_ucred, mp);
+ error = mac_mount_check_stat(td->td_ucred, mp);
 if (error)
 goto out;
 #endif
diff --git a/sys/kern/vfs_vnops.c b/sys/kern/vfs_vnops.c
index 4f5305e..5083574 100644
--- a/sys/kern/vfs_vnops.c
+++ b/sys/kern/vfs_vnops.c
@@ -148,7 +148,7 @@ restart:
 goto restart;
 }
 #ifdef MAC
- error = mac_check_vnode_create(cred, ndp->ni_dvp,
+ error = mac_vnode_check_create(cred, ndp->ni_dvp,
 &ndp->ni_cnd, vap);
 if (error == 0) {
 #endif
@@ -213,7 +213,7 @@ restart:
 if (fmode & O_APPEND)
 mode |= VAPPEND;
 #ifdef MAC
- error = mac_check_vnode_open(cred, vp, mode);
+ error = mac_vnode_check_open(cred, vp, mode);
 if (error)
 goto bad;
 #endif
@@ -387,10 +387,10 @@ vn_rdwr(rw, vp, base, len, offset, segflg, ioflg, active_cred, file_cred,
 #ifdef MAC
 if ((ioflg & IO_NOMACCHECK) == 0) {
 if (rw == UIO_READ)
- error = mac_check_vnode_read(active_cred, file_cred,
+ error = mac_vnode_check_read(active_cred, file_cred,
 vp);
 else
- error = mac_check_vnode_write(active_cred, file_cred,
+ error = mac_vnode_check_write(active_cred, file_cred,
 vp);
 }
 #endif
@@ -520,7 +520,7 @@ vn_read(fp, uio, active_cred, flags, td)
 ioflag |= sequential_heuristic(uio, fp);
 #ifdef MAC
- error = mac_check_vnode_read(active_cred, fp->f_cred, vp);
+ error = mac_vnode_check_read(active_cred, fp->f_cred, vp);
 if (error == 0)
 #endif
 error = VOP_READ(vp, uio, ioflag, fp->f_cred);
@@ -580,7 +580,7 @@ vn_write(fp, uio, active_cred, flags, td)
 uio->uio_offset = fp->f_offset;
 ioflag |= sequential_heuristic(uio, fp);
 #ifdef MAC
- error = mac_check_vnode_write(active_cred, fp->f_cred, vp);
+ error = mac_vnode_check_write(active_cred, fp->f_cred, vp);
 if (error == 0)
 #endif
 error = VOP_WRITE(vp, uio, ioflag, fp->f_cred);
@@ -635,7 +635,7 @@ vn_stat(vp, sb, active_cred, file_cred, td)
 u_short mode;
 #ifdef MAC
- error = mac_check_vnode_stat(active_cred, file_cred, vp);
+ error = mac_vnode_check_stat(active_cred, file_cred, vp);
 if (error)
 return (error);
 #endif
@@ -783,7 +783,7 @@ vn_poll(fp, events, active_cred, td)
 vfslocked = VFS_LOCK_GIANT(vp->v_mount);
 #ifdef MAC
 vn_lock(vp, LK_EXCLUSIVE | LK_RETRY, td);
- error = mac_check_vnode_poll(active_cred, fp->f_cred, vp);
+ error = mac_vnode_check_poll(active_cred, fp->f_cred, vp);
 VOP_UNLOCK(vp, 0, td);
 if (!error)
 #endif |